Secure Coding Workshop

Website & app security starts with the code

Security knowledge transfer is one of the most important contributing factors towards embedded, scalable, cost-effective security. In today’s ever-changing technological landscape, application security is an added complexity that might be overlooked. In response, we developed our Secure Coding Workshop.

What is it?

A developer builds; a pentester breaks. This workshop provides practical insight into the mind of a hacker, equipping you with the same tools hackers utilise. The workshop is usually offered on-site, perhaps following a pentest which identified possible problems in the codebase. During the course, we'll identify the most common security issues and show your developers best practice skills for correcting them.

Who is it for?

Highly-experienced pentesters who were developers deliver this workshop with the intention of making secure coding a practical skill rather than a technical burden. It’s an intimate techie-to-techie workshop, limited to a maximum of 10 participants. Our heavily practical course is tailored to you and delivered in the programming language you use, whether that is PHP, .NET, or Java. Because our course deliverer signs an NDA, you can openly discuss the problems in your company’s codebase.

How can we help?

We offer a long-term investment, showing developers the best way to spot a vulnerability in code, exploit it and fix it. We’ll also equip developers with best-practice methods to avoid these types of errors in future. Our hands-on coding workshop helps organisations develop and deploy applications that are inherently more secure, by promoting ‘security-by-design’: an ethos where security is baked into every stage of the software development life cycle rather than fixing repeated common coding errors.

Security-by-design helps by:

Reducing the risk exposure

Shortening the testing cycle

Reducing the requirements for re-work and retesting

Motivating developers by investing in their professional development and skill-set

Day 1

Aimed at raising awareness, this introductory session gives a general overview of how security testers and hackers go about finding web application vulnerabilities. Each session is a combination of instruction, demonstration and practical application where you will learn how to hack, find errors in code, fix those errors and test the fixes. We’ll cover:

Think like a pentester - learn practical tools of the trade, how to set them up and use them properly

Day 2

Discussing security areas in detail, these sessions include a number of demonstrations and practical applications, highlighting issues a web developer might face as well as detailing typical mistakes and how to avoid them. The sessions are:

Each attendee will require a laptop with VirtualBox installed. Before the first session, you will be given a link to download a virtual machine containing the example vulnerable web application and tools required for testing so that the course can start without set-up delays.

Pricing

The two-day workshop delivered to up to 5 people is £6,000. Up to 5 more people can be added to the workshop at a cost of £500 per person. Pricing does not include reasonable expenses and travel costs for the workshop instructor, all of which are agreed in advance. Pricing excludes VAT.

Why Secarma?

We love what we do, and we’re passionate about cybersecurity. Since we started out in 2001 (formerly as Pentest Ltd), we’ve continuously invested in research, technology, our people, and the depth of security services we offer.

We understand that developers face pressure to deliver secure applications against a backdrop of increasingly sophisticated techniques. Our workshop leaders are former developers who understand this pressure and who call upon their unique skill-set as penetration testers to impart their knowledge of secure coding.

It’s through this unique mix of training and experience that we’re able to help protect your business.